Forward Traffic from Virtual IP to target behind WAN



  • ---------------------
    |Server1 192.168.1.1|
    |Server1 192.168.1.2|
    ---------------------
            |
    -------------------
    | pfSense WAN      |
    | IP 192.168.1.254 |
    -------------------
    |   Manual NAT     |
    ---------------------------
    |    pfSense LAN           |
    |  IP  192.168.20.254      |
    |                          |
    |Virtual IP1 192.168.20.1  |
    |Virtual IP2 192.168.20.2  |
    ---------------------------
    

    I want to forward all requests that go to Virtual IP1 to Server1 and Virtual IP2 to Server2 (including replies). A true 1:1 address translation. But I don't know how. If I enter the IP addresses in the 1:1 NAT mask, nothing happens. It is still the pfSense listening on Virtual IP1, nothing gets forwarded to Server1.

    I suppose I am understanding 1:1 NAT wrong, but it worked like this on a Sonicwall we used a few years ago.



  • Why are your virtual IPs the same? Also, this looks backwards. Usually you NAT from the WAN side, not the LAN side.



  • @kom said in Forward Traffic from Virtual IP to target behind WAN:

    Why are your virtual IPs the same? Also, this looks backwards. Usually you NAT from the WAN side, not the LAN side.

    I just need it that way. I already have a different 192.168.1.0/24 subnet. This is why I need to address the "new" 192.168.1.0/24 subnet through different addresses, hence the forwarding from the single 192.168.20.x addresses to the 192.168.1.x addresses.

    The Virtual IPs being the same is just a typo (corrected it).



  • Perhaps post a screenshot of your 1:1 NAT so we can see what you did. Also, do a packet capture on the LAN & WAN interfaces to see if the traffic is passing or not.



  • @kom said in Forward Traffic from Virtual IP to target behind WAN:

    Perhaps post a screenshot of your 1:1 NAT so we can see what you did. Also, do a packet capture on the LAN & WAN interfaces to see if the traffic is passing or not.

    Virtual IP Config:

    Type: IP Alias
    Interface: LAN
    Address type: Single address
    Address(es): 192.168.20.1/24
    

    1:1 NAT Config:

    NAT 1:1 Mappings
    Interface  External IP  Internal IP   Destination IP  Description  Actions
    LAN        192.168.1.1  192.168.20.1  *
    

    NAT reflection is set to enabled.



  • OK. Now what about the captures? That's the only way to really see what's happening.



  • @kom said in Forward Traffic from Virtual IP to target behind WAN:

    OK. Now what about the captures? That's the only way to really see what's happening.

    I went the easy route and ditched my previous attempts. I just created Port Forwarding Rules for the required hosts. Not elegant, but works for me.

     Interface  Protocol  Source Address  Source Ports  Dest. Address  Dest. Ports  NAT IP       NAT Ports
     LAN        TCP/UDP   *               *             192.168.20.2   1 - 65535    192.168.1.2  1 - 65535
     LAN        TCP/UDP   *               *             192.168.20.1   1 - 65535    192.168.1.1  1 - 65535
    
    

    Sorry for the delay (blame it on the holidays ☺ )
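
Added example, not part of the thread: one way to read the LAN and WAN captures suggested above, checking that each packet addressed to a virtual IP on LAN reappears on WAN addressed to the mapped server. The capture lines are constructed `tcpdump -n` text output; the client address 192.168.20.50, the translated source port and the function names are assumptions, and the VIP-to-server mapping comes from the port-forward rules in the last post.

```python
import re
from collections import Counter

# VIP -> real server, taken from the port-forward rules in the last post.
MAPPING = {"192.168.20.1": "192.168.1.1", "192.168.20.2": "192.168.1.2"}

# Constructed `tcpdump -n` output; the client 192.168.20.50 is an assumption.
LAN_CAPTURE = """\
10:15:01.100000 IP 192.168.20.50.51514 > 192.168.20.1.443: Flags [S], seq 1, win 64240, length 0
10:15:01.101000 IP 192.168.20.1.443 > 192.168.20.50.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
10:15:02.200000 IP 192.168.20.50.51520 > 192.168.20.2.22: Flags [S], seq 5, win 64240, length 0
10:15:03.200000 IP 192.168.20.50.51520 > 192.168.20.2.22: Flags [S], seq 5, win 64240, length 0
"""
WAN_CAPTURE = """\
10:15:01.100400 IP 192.168.1.254.40211 > 192.168.1.1.443: Flags [S], seq 1, win 64240, length 0
10:15:01.100800 IP 192.168.1.1.443 > 192.168.1.254.40211: Flags [S.], seq 9, ack 2, win 65535, length 0
"""

# Matches the "IP src.sport > dst.dport:" part of a tcpdump line.
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def flows(capture_text):
    """Count packets per (dst_ip, dst_port) in tcpdump -n text output."""
    seen = Counter()
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if m:
            seen[(m.group(3), int(m.group(4)))] += 1
    return seen


def check_forwarding(lan_capture, wan_capture, mapping=MAPPING):
    """For each VIP:port seen on LAN, say whether WAN carries traffic to the mapped server:port.

    Source address and port are ignored because outbound NAT on the WAN side may rewrite them.
    """
    lan, wan = flows(lan_capture), flows(wan_capture)
    result = {}
    for (dst, port) in sorted(lan):
        if dst in mapping:
            hit = wan[(mapping[dst], port)] > 0
            result[(dst, port)] = "forwarded" if hit else "not forwarded"
    return result


if __name__ == "__main__":
    for (vip, port), state in check_forwarding(LAN_CAPTURE, WAN_CAPTURE).items():
        print(f"{vip}:{port} -> {MAPPING[vip]}:{port}: {state}")
```

A VIP reported as "not forwarded" while the LAN capture shows repeated SYNs to it means the translation rule is not matching on the LAN interface.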